My log files

Status
Not open for further replies.

massguy35

Not sure how bad I am now...I think I got rid of all the bad stuff
 

Attachments

  • hijackthis.log
    12.2 KB · Views: 6
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O20 - AppInit_DLLs: ugtmol.dll,sfkyij.dll,C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: byXPHaWQ - byXPHaWQ.dll (file missing)
O20 - Winlogon Notify: iiffgEWO - iiffgEWO.dll (file missing)
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

1. Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK all Ask-related processes> Apply> OK.
2. Control Panel> Add/Remove Programs> UNINSTALL all Ask-related entries.
3. Remove ALL of the following from the Trusted Zone:
Open Internet Explorer> Tools> Internet Options> Security tab> Trusted Sites> Sites> find each of the following processes> click to highlight> Remove
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
When through, reboot into Normal Mode: NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

Update and scan with Malwarebytes again.

Run SDFix:
* Download SDFix HERE and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run SDFix
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here
Rescan with HijackThis when through. Attach reports and log.
 
New logs

Also I got an error message trying to remove askbar from the control panel

Error loading C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll
The specified module could not be found

Never got the nag message when rebooting
 
Also I got an error message trying to remove askbar from the control panel
You have to UNCHECK the entries on the startup menu before you can uninstall it. But I don't see any processes from Ask loading.

Never got the nag message when rebooting
If you don't change anything, you don't get the nag message.

Did you remove these from the Trusted Zone?
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
Remove them again, then put each one in the Restricted Zone. Type in exactly like it is above: for instance, type this in: *.virusremover2008.com

Run one more HijackThis scan and attach the log. If those URLs in Safe Mode have been handled, we will remove the cleaning tools
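Added example, not part of the original posts: one way to check a follow-up HijackThis log against the entries that were marked for fixing, and to see which hive each Trusted Zone entry sits in. It assumes an O15 line without the `(HKLM)` suffix refers to the per-user hive; the "after" log is constructed for illustration.

```python
import re

# A HijackThis entry: section code, " - ", then the detail text.
ENTRY = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")

def parse(log_text):
    """Return the set of (section, detail) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def trusted_zone(entries):
    """Map each O15 Trusted Zone domain to the hives it is listed under."""
    zones = {}
    for section, detail in entries:
        if section != "O15" or not detail.startswith("Trusted Zone:"):
            continue
        value = detail[len("Trusted Zone:"):].strip()
        # Assumption: no "(HKLM)" suffix means the per-user (HKCU) list.
        hive = "HKLM" if value.endswith("(HKLM)") else "HKCU"
        domain = value.replace("(HKLM)", "").strip()
        zones.setdefault(domain, set()).add(hive)
    return zones

def still_present(targets, after_log):
    """Entries marked for fixing that the follow-up scan still reports."""
    return sorted(parse(targets) & parse(after_log))

# Entries copied from the thread above (a subset of those marked for fixing).
TARGETS = """
O20 - Winlogon Notify: byXPHaWQ - byXPHaWQ.dll (file missing)
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
"""

# Constructed follow-up log: per-user entries are gone, machine-wide ones remain.
AFTER = """
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
"""

if __name__ == "__main__":
    for section, detail in still_present(TARGETS, AFTER):
        print("still present:", section, "-", detail)
    print(trusted_zone(parse(AFTER)))
```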
 
There are no Ask processes to check.
When I go in to explorer it does not show any of those as trusted sites (I did remove them all before). When I try to add them to the restricted list I get a message saying: The site you specified already exists in another zone. Please remove the site from that zone before adding it to the current zone.

But like I said, it does not show up on the trusted sites list.
 
Okay, let's see if they're hiding:

Control Panel> Folder options> View tab> CHECK 'show hidden files and folders'> Apply> OK.

Now go to Trusted Sites and see if they show. We need to find them because they should not have Trusted Zone privileges. If we can't find them, I'll see if one of our code writers can assist. If you are able to remove from Trusted then put in Restricted, when through, go back and re-hide the files and folders.
 
Like all mortals can, I fell ill. I have been away from the computer for over 3 weeks. Sorry no one else came to help.

Please update and run Malwarebytes again, follow with new scan with HijackThis. Attach both logs.
 
Sorry this post may be classed as unrelated to topic, but...

Bobbye, I really was worried (ie BD went then you?)
Sorry to hear you were ill, I hope you are either ok now, or on the mend :grinthumb
Really hoping we do see more of your excellent and highly appreciated support posts
Pretty sure you're the best here at Virus\Malware removal help :)
 
I'm sorry to hear that you were ill......I feel like an *** now.......sorry

Here they are
 

Attachments

  • hijackthis.log
    10.8 KB · Views: 6
Well nothing bad in HJT log
But Malwarebytes (updated :grinthumb) was only run for 4mins - quick scan :(

This program runs for 10 mins ;) And it's very good at catching undetected malware, please run this:

Download Combofix
Lots of info on its use here
Direct download here

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply
 
You have a lot of Spyware protecting programs installed
I'll name a few that I can see:
Anti Trojan Elite
Ad-Aware
SuperAntiSpyware
AOL Spyware Protection
SmitfraudFix
Malwarebytes
AVG8
Avira
BigFix
catchme
SDfix

Could be more, but you should uninstall the lot. Except leave Avira and Malwarebytes installed only

Then run the AVG8 removal tool

Then Restart

Then update Avira
Then run a full scan
 
Start->Run-> combofix /u

Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

It seems to be clean, but do this anyway

CCleaner to remove all temp files (by the way this program has just updated, download and run install again)
CCleaner and click the Registry button (on far left in the program) "Scan for issues" Fix all, no backup necessary
Then do the "Scan for issues" again, Fix all, and keep doing this until clean

Then download Kcleaner
Default settings is good, but I actually select all items (therefore all is good)
Start that, and remove more temp stuff

Then, restart
Then report on findings
 
Everything seemed to go as you told me it would.....nothing had log files so I guess I am clean?

I inherited a Toshiba Satellite M305 running Vista. Should I run the same steps on this too?
 
I haven't seen the HJT log, but if all has come up clean then that's good
Yes you could start from the start on the new computer and do the above :)
Obviously the specific issues will be different, but good idea to run the scans
 
All of a sudden you have BitTorrent installed (this was not in your original log)

BitTorrent is a filesharing program and basically allows insecurity to your system, plus it is usually used by many younger (and sometimes older) individuals to download software and music\movies etc from other individuals, which usually carries malware (or should I say always, or just about always)

So therefore I cannot see you ever being "clean" with this installed
Your choice of course, but there's no use me continuing on with this installed.

You also have RelevantKnowledge installed. This was installed with Kcleaner I recommended. There may have been some confusion when I said default settings - I meant when the program is initially running and you are given the options on what to tick and untick. But during the installation of Kcleaner, RelevantKnowledge was not required (it was stated as OPTIONAL install)

No issue, just uninstall it
But you will need to run Malwarebytes again (update it manually first) then do a full scan. It should remove the remaining RelevantKnowledge entries

I have since reworded my try Kcleaner to say uncheck RelevantKnowledge during install, actually I even created a Pic (It needs a little work still ;) )
 
Thanks kimsland for helping. Got home from hospital yesterday, it will take a bit to get up to speed.

massguy, when you are cleaning malware from a system, you shouldn't be adding programs or updates, unless the person helping is specifically telling you to. I looked over the HijackThis logs and see new processes in each. Follow Kim's help. You have a lot of unnecessary processes running and I also agree, overkill in security programs.

I found this "Askbar Removal Tool". It is hard to find and remove all its entries. I haven't used this removal so let us know how it works for you.
http://www.2squared.com/glossary_details.php?ID=2717

When the system is clean, we have you remove all the cleaning tools and old restore points.
 